This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/xMaO1kpAAyo6v9RGWtF6_HLkn7Q.roa
File:                     xMaO1kpAAyo6v9RGWtF6_HLkn7Q.roa (raw, json)
Hash identifier:          N7lnmqCIb1rzPeOt4DsozBGYc4jYHtEfkvBZTc7LyV8=
Subject key identifier:   C4:C6:8E:D6:4A:40:03:2A:3A:BF:D4:46:5A:D1:7A:FC:72:E4:9F:B4
Certificate issuer:       /CN=70a0b5aca731ea71f26d63d23c22c123b2bb120f
Certificate serial:       019B7D5BF0CA26BC728240C0B75D977A91CE
Authority key identifier: 70:A0:B5:AC:A7:31:EA:71:F2:6D:63:D2:3C:22:C1:23:B2:BB:12:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cKC1rKcx6nHybWPSPCLBI7K7Eg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/xMaO1kpAAyo6v9RGWtF6_HLkn7Q.roa
Signing time:             Fri 02 Jan 2026 06:18:56 +0000
ROA not before:           Fri 02 Jan 2026 06:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29003
IP address blocks:        192.162.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/cKC1rKcx6nHybWPSPCLBI7K7Eg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/cKC1rKcx6nHybWPSPCLBI7K7Eg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cKC1rKcx6nHybWPSPCLBI7K7Eg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:f0:ca:26:bc:72:82:40:c0:b7:5d:97:7a:91:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70a0b5aca731ea71f26d63d23c22c123b2bb120f
        Validity
            Not Before: Jan  2 06:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4c68ed64a40032a3abfd4465ad17afc72e49fb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:a3:ba:c2:23:da:8e:d3:e0:0a:98:70:da:af:
                    cd:d1:ba:9c:d4:b7:43:5c:05:27:9c:cb:d6:99:f6:
                    9e:3b:4b:85:b3:64:97:df:d4:9e:97:29:40:0e:d3:
                    25:8a:a9:1c:32:78:63:3a:13:f3:92:05:6a:c8:94:
                    ae:97:62:82:71:46:88:04:9d:3b:c4:59:bb:17:de:
                    08:2b:6b:11:f1:34:29:cd:de:f6:01:0e:69:04:9b:
                    02:d5:63:3d:6f:d1:87:62:28:a8:93:57:08:88:b8:
                    26:9e:4d:54:89:17:0f:0e:e0:3f:b9:ef:8c:d4:b2:
                    b1:77:8b:f4:2a:63:ff:66:6c:67:dc:67:be:8f:a1:
                    ca:61:c5:4c:85:6d:06:ea:9d:ab:d8:82:41:2c:bb:
                    33:fb:89:4c:87:07:bd:32:7f:cf:05:35:9a:21:e9:
                    cb:79:2f:8c:17:c8:dd:d4:fd:73:20:04:1e:81:7b:
                    23:92:1b:86:f7:ec:f3:0c:db:7c:b1:9a:f4:3b:b2:
                    e8:85:d4:24:18:00:2d:ec:5e:dd:80:e8:c3:3a:0c:
                    8a:33:f9:56:88:81:f4:27:a0:72:09:35:91:20:fa:
                    4a:9f:6d:11:30:63:3d:d1:95:c4:e7:3d:80:2b:ba:
                    76:d4:a8:2a:7b:d8:f5:c5:86:9d:87:e4:79:df:d0:
                    ed:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:C6:8E:D6:4A:40:03:2A:3A:BF:D4:46:5A:D1:7A:FC:72:E4:9F:B4
            X509v3 Authority Key Identifier:
                keyid:70:A0:B5:AC:A7:31:EA:71:F2:6D:63:D2:3C:22:C1:23:B2:BB:12:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cKC1rKcx6nHybWPSPCLBI7K7Eg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/xMaO1kpAAyo6v9RGWtF6_HLkn7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/f649e5-a7cb-4218-93e0-43e31800df0c/1/cKC1rKcx6nHybWPSPCLBI7K7Eg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:08:85:ab:35:eb:83:65:96:79:3f:17:80:12:93:37:b7:b4:
         d5:56:0f:47:18:43:ac:32:6e:4d:a9:11:4a:4b:bd:85:fc:0e:
         a5:e6:4e:f1:96:5f:f8:36:aa:15:af:d8:6e:9a:a6:04:36:a5:
         9b:e1:22:09:ed:c9:4e:81:aa:0a:c3:5c:94:b6:d9:c3:db:25:
         b9:dd:f7:e5:b4:94:a7:cf:82:bb:9f:e3:13:36:e0:6f:ca:38:
         24:a1:cf:11:d8:cf:a7:af:0a:a9:cf:ab:1d:24:34:e1:f1:c8:
         0c:02:1b:3c:2f:fb:c9:26:48:3b:08:60:87:e1:07:3f:e0:b6:
         2b:4c:2f:92:66:05:4c:f5:75:79:c0:82:5e:eb:45:e0:5b:ca:
         b9:33:4c:06:02:21:01:f9:61:02:b2:cd:03:8c:c0:a8:f6:e1:
         ff:75:72:3b:8c:46:9f:3f:8e:b6:f1:46:42:0d:d4:9f:ee:08:
         ac:a2:dc:12:d2:d7:8b:95:2d:96:ae:46:36:5b:17:55:79:ba:
         21:0e:d1:43:ad:fe:d5:82:0b:65:bb:ba:19:b7:31:71:9c:09:
         32:77:3b:52:f3:42:77:1b:b0:80:53:4a:eb:da:a7:99:3d:80:
         93:d8:06:f9:ac:ff:50:1f:8c:03:62:0c:65:0e:5b:90:cc:13:
         1a:88:03:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W/DKJrxygkDAt12XepHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYTBiNWFjYTczMWVhNzFmMjZkNjNkMjNjMjJjMTIzYjJi
YjEyMGYwHhcNMjYwMTAyMDYxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGM2OGVkNjRhNDAwMzJhM2FiZmQ0NDY1YWQxN2FmYzcyZTQ5ZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46O6wiPajtPgCphw2q/N0bqc1LdD
XAUnnMvWmfaeO0uFs2SX39SelylADtMliqkcMnhjOhPzkgVqyJSul2KCcUaIBJ07
xFm7F94IK2sR8TQpzd72AQ5pBJsC1WM9b9GHYiiok1cIiLgmnk1UiRcPDuA/ue+M
1LKxd4v0KmP/Zmxn3Ge+j6HKYcVMhW0G6p2r2IJBLLsz+4lMhwe9Mn/PBTWaIenL
eS+MF8jd1P1zIAQegXsjkhuG9+zzDNt8sZr0O7LohdQkGAAt7F7dgOjDOgyKM/lW
iIH0J6ByCTWRIPpKn20RMGM90ZXE5z2AK7p21Kgqe9j1xYadh+R539DtjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTGjtZKQAMqOr/URlrRevxy5J+0MB8GA1UdIwQY
MBaAFHCgtaynMepx8m1j0jwiwSOyuxIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0tDMXJLY3g2bkh5YldQU1BDTEJJN0s3RWc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9mNjQ5ZTUtYTdjYi00MjE4LTkzZTAt
NDNlMzE4MDBkZjBjLzEveE1hTzFrcEFBeW82djlSR1d0RjZfSExrbjdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9mNjQ5ZTUtYTdjYi00MjE4LTkzZTAtNDNlMzE4MDBkZjBj
LzEvY0tDMXJLY3g2bkh5YldQU1BDTEJJN0s3RWc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKIRMA0G
CSqGSIb3DQEBCwUAA4IBAQDACIWrNeuDZZZ5PxeAEpM3t7TVVg9HGEOsMm5NqRFK
S72F/A6l5k7xll/4NqoVr9humqYENqWb4SIJ7clOgaoKw1yUttnD2yW53ffltJSn
z4K7n+MTNuBvyjgkoc8R2M+nrwqpz6sdJDTh8cgMAhs8L/vJJkg7CGCH4Qc/4LYr
TC+SZgVM9XV5wIJe60XgW8q5M0wGAiEB+WECss0DjMCo9uH/dXI7jEafP4628UZC
DdSf7gisotwS0teLlS2WrkY2WxdVebohDtFDrf7Vggtlu7oZtzFxnAkydztS80J3
G7CAU0rr2qeZPYCT2Ab5rP9QH4wDYgxlDluQzBMaiAMb
-----END CERTIFICATE-----